Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: converting oracle passwords

Re: converting oracle passwords

From: Jerry Metz <JMetz1_at_ix.netcom.com>
Date: Wed, 03 Apr 2002 16:08:52 GMT
Message-ID: <3CAB2913.74363350@ix.netcom.com>


Actually, this is not true. The following SQLPlus script can be run from the SYSTEM user. It will not allow you to do all of the passwords in one crack, but if you're a DBA and your intent is pure, I'm sure that you'll think of something.

set verify off
set echo off
set feedback off
set termout off
set pause off
connect /
column op noprint new_value old_pw
select password op from dba_users
 where username = upper('&1')
/
alter user &1 identified by temppw;
connect &1/temppw
grant connect to &1 identified by values '&&old_pw'; set termout on
show user
set feedback on

damorgan wrote:

> It is impossible.
>
> Were it possible there would be no security in an Oracle database.
>
> And, quite frankly, there are only two reasons I can conceive of for
> wanting unencrypted passwords belonging to other users. One is a lack of
> experience so profound that you don't understand the Oracle security
> model. The other that you are trying to hack the system.
>
> Daniel Morgan
>
> John wrote:
>
> > I have a system that used oracle users for logins. The passwords are
> > of course encrypted. Our new system uses it's own table for
> > validation of logins. I need to copy over the usernames and passwords
> > from the dba_users table, into a seperate table, and have the
> > passwords be unencrypted so it can read them. Is there an easy way to
> > do this? Thanks.
> >
> > JR


Received on Wed Apr 03 2002 - 10:08:52 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US